[SiteLog]MT Security Update ?

算 SiteLog吧?

意外发现 MT 3.33 推出有一个 security update ?


The current status of our security update process:

* This is a mandatory update due to the severity of the combined vulnerabilities.
* These vulnerabilities were discovered by our own team during a routine security evaluation.
* There are currently no known malicious exploits targeting Movable Type for these issues.
* We will be disclosing full details of the vulnerabilities on our Professional Network blog in a couple of days allowing you to update in the meantime without incurring unnecessary risk.

这里 下了增量升级补丁,分析了半天也没有研究出来有什么安全漏洞?

估计问题是在 MT::SanitizeMT::Log 里面。

要升级的另外几个APP模块,MT::App, MT::App::CMS,MT::App::Search我都自己修改过,所以,不想升级。但是又担心有什么重大的bug。


By Easun 2006/09/27